Topic: Reclaiming control over our Identity - Self-Sovereign Identity (Read 205 times)

legendary
Activity: 2926
Merit: 1386
So, OP doesn't really have a solution to the identity fraud problem without centralization?


What's wrong with >50% of miners confirming and validating identity in a distributed network?
jr. member
Activity: 44
Merit: 1
So, OP doesn't really have a solution to the identity fraud problem without centralization?

Ugh, I regret sending merit to this spam ICO


Hi Bluefirecorp, thank you for your enthusiasm in your replies earlier! Not very friendly of you to call me SPAM, no hard feelings, I assume you were waiting for an answer. Apologies for the delay, today was a hectic day.

As you pointed out we need to be able to validate that each self-sovereign identity is who they say they are.

When working with Self Sovereign identities it has to be possible to verify that the identity belongs to a real person meeting the requirements to be eligible for the service in which he wishes to partake, whether voting, trade, or something else.

An example:

1) The person has created his own DID and saves his encrypted private key using, for example, biometric authentication.

2) The DID is registered on the blockchain, along with its public key and an end-point (a way for other users to request identity information from the person)

3) The person can add information to his identity, for example, his student ID number, the information is not stored on the blockchain, the information is only considered 'self-claims' as nobody has validated whether what the person claims is true.
-information cannot be stored on the blockchain as this would fail GDPR, even if encrypted. The solution is to store it off-chain in a private ledger, which would also benefit the identity blockchain itself. The private ledger would exist on the hardware of the person and would be stored with an agency, who itself cannot read the data, allowing for the person to recuperate his data when he loses his hardware. The person is able to remove all data if he desires to do so.

4) The end-point allows third parties to request identity information. However what is important is that the person can be validated first and that the validator is indeed who they say they are too (encrypted exchange signed by private keys). For example, an agency can verify the email address and then issue a claim of authenticity which becomes anchored onto the main identity chain (with no information recorded on the blockchain revealing the actual information). Another example is that in order for the person to validate the claim that he is the individual with the specific in the above example, he would have to pass the procedure which the University has set forward to validate his claim to link the specific student number to the DID, whether manual or automated. An additional level of security comes into claims only being issued once for a specific attribute, such as a birth certificate can only be linked to one DID.
-After issuing the claim a receipt of this transaction, containing what type of information, not the information itself, that was shared between each party is stored on each party's private ledger. A hash of this is stored on the identity blockchain (legal proof of permission).

5) The university would be claim issuer and validator, the university would publish onto the blockchain a schema for each type of claim they will issue, the schema defines what type of information is involved with the claim (e.g. name, birth date, country of birth). Anyone would be able to look up this schema and determine what type of atomic information they might request from the identity holder who processes such a claim. (only the necessary amount of information may be requested) For example, the only thing a retailer giving discounts to students needs to know is that the claim is for a currently enrolled student.
-The university might also issue a more universal claim that the person is indeed the person as far as it can attest, these relationships then become what we call the web of Trust. (which is very relevant for people without access to a recognized validator such as refugees, as individuals could recognize each other, non-profits could etc.)

6) The person will be informed when someone requests information from his Self-Sovereign identity and has the ability to accept to reveal that information or not, with potentially local permissions to automatically grant requests for certain types of information.
-The claim validator does not know the details of the entity requesting information, avoiding correlation and the leaking of privacy. (the university, if asked to validate a person's age, would not know why or by whom)

=> Through the web of trust, the validity of claims is built upon, and while a name can be faked, an identifier cannot because of the immutable nature of the blockchain and its trust mechanisms. It does allow people to build up an identity from scratch, such as a refugee, while also allowing a quick entrance from claims issued by trusted authorities such as a government.

How identities without validation from trusted authorities operate, and what trusted authorities are within our legal systems, communities and larger economy is a different question altogether. The web of trust will become a powerful tool, one where service providers will set up and work towards additional validation systems as the market grows. The absence of trusted authorities does not stop Self-Sovereign identities from taking off.

A DID absent of certain validations can be excluded by some service providers requiring those validations. For example, a person might not be able to identify himself with an unvalidated DID in a court. What level of validation and by whom in order to be considered a validated identity has no black and white answer.

I would love to continue having a conversation with you, please take into account I am only answering the messages at certain times, as these are hectic times.

Have a good evening.

Jens
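
The issuer-side rules from steps 4 and 5 of the reply above (one attribute bound to one DID, and only a hash of a value-free receipt anchored on the chain), as an added example that is not part of the original post or any project's code. `Issuer`, `anchor_hash`, `is_anchored`, the list standing in for the identity blockchain and all sample values are assumptions; the signed exchange between the parties is left out.

```python
import hashlib
import hmac
import json
import secrets


def anchor_hash(receipt: dict) -> str:
    """Digest that goes on-chain; the receipt itself stays on private ledgers."""
    return hashlib.sha256(json.dumps(receipt, sort_keys=True).encode()).hexdigest()


class Issuer:
    """Hypothetical claim issuer, e.g. the university in the post."""

    def __init__(self, name: str):
        self.name = name
        self._key = secrets.token_bytes(32)  # issuer-only key for blinding values
        self._bound = {}                     # blinded attribute -> DID

    def issue(self, did: str, claim_type: str, value: str, chain: list) -> dict:
        # Keyed hash, so the registry never holds the raw attribute value.
        tag = hmac.new(self._key, f"{claim_type}:{value}".encode(),
                       hashlib.sha256).hexdigest()
        # One attribute, one DID: re-issuing to the same DID is allowed,
        # binding the same student number to a second DID is refused.
        if self._bound.setdefault(tag, did) != did:
            raise ValueError("attribute already bound to another DID")
        # The receipt records the type of information, never the value. The
        # random nonce stops anyone rebuilding the anchor from guessable fields.
        receipt = {"issuer": self.name, "subject": did,
                   "claim_type": claim_type, "nonce": secrets.token_hex(16)}
        chain.append(anchor_hash(receipt))
        return receipt


def is_anchored(receipt: dict, chain: list) -> bool:
    """Either party can later show that its receipt matches an on-chain anchor."""
    return anchor_hash(receipt) in chain


if __name__ == "__main__":
    chain = []  # stand-in for the identity blockchain (assumption)
    uni = Issuer("example-university")
    r = uni.issue("did:earth:aaa111", "student_id", "S-0001", chain)  # constructed values
    print("anchored:", is_anchored(r, chain))
    try:
        uni.issue("did:earth:bbb222", "student_id", "S-0001", chain)
    except ValueError as exc:
        print("refused:", exc)
```

The uniqueness check only holds per issuer: it stops one student number being attached to several DIDs at that university, not one person obtaining claims from different issuers.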

full member
Activity: 574
Merit: 152
So, OP doesn't really have a solution to the identity fraud problem without centralization?

Ugh, I regret sending merit to this spam ICO
legendary
Activity: 3318
Merit: 2008
First Exclusion Ever
A isn't B because B = B.

You're a retard man.

This is about issuing identities, not creating a trade-ecosystem.

Why you always follow me around posting retarded ass shit? It's like you're trolling on purpose.

You wish you were important enough to be that on my radar. Identity and trade are inexorably linked. I don't really even need to respond any further to this statement, you did my job for me thanks.
full member
Activity: 574
Merit: 152
How would you prevent fraud?

What stops me from issuing identities for bluefirecorp, bluefirecorp2, bluefirecorp3, bluefirecorp4?



What stops you from doing the same thing here?

Centralized authority.

Not really. The staff here do not mitigate or enforce actions against fraud, they simply respond to complaints after the fact. The host is centralized, but a similar system of community enforced trust is still scalable to decentralized platforms exactly as it would be here.

A isn't B because B = B.

You're a retard man.

This is about issuing identities, not creating a trade-ecosystem.

Why you always follow me around posting retarded ass shit? It's like you're trolling on purpose.
legendary
Activity: 3318
Merit: 2008
First Exclusion Ever
How would you prevent fraud?

What stops me from issuing identities for bluefirecorp, bluefirecorp2, bluefirecorp3, bluefirecorp4?



What stops you from doing the same thing here?

Centralized authority.

Not really. The staff here do not mitigate or enforce actions against fraud, they simply respond to complaints after the fact. The host is centralized, but a similar system of community enforced trust is still scalable to decentralized platforms exactly as it would be here.
full member
Activity: 574
Merit: 152
How would you prevent fraud?

What stops me from issuing identities for bluefirecorp, bluefirecorp2, bluefirecorp3, bluefirecorp4?



What stops you from doing the same thing here?

Centralized authority.
legendary
Activity: 3318
Merit: 2008
First Exclusion Ever
How would you prevent fraud?

What stops me from issuing identities for bluefirecorp, bluefirecorp2, bluefirecorp3, bluefirecorp4?



What stops you from doing the same thing here?
full member
Activity: 574
Merit: 152
How would you prevent fraud?

What stops me from issuing identities for bluefirecorp, bluefirecorp2, bluefirecorp3, bluefirecorp4?

newbie
Activity: 11
Merit: 0
I think you are absolutely right about the issues we are facing with centralised entity power. Action must be taken and what you guys are doing is definitely moving in the right direction... I think it can be considered as a start for big change in the way we perceive government.
jr. member
Activity: 44
Merit: 1
Title: Why Decentralised Identity Management?
Setting: This thread is created to start a discussion on decentralized identity management.

Decentralized identity management – Self-Sovereign identity

Recognised identity
Several organisations are working on creating a decentralised identity solution, yet no solution has prevailed. To date, we remain dependent on our governments to organise and establish our identities for us. This implies that people without official Government recognition have no “form of identity”  to participate in modern society.

Digital identity
Furthermore, it is important to realise that our Identity is no longer limited to what is written on our passports; the internet and technological innovations in data management lead to the creation of our digital identity. Our digital identities show our behaviors, favorite locations, and even the meals we ate yesterday; opposite to our government recognized identities, our digital identity is mostly controlled by large corporations.

The problems with not having access to a recognised identity and the associated exclusion from society are obvious. Our digital identities prove to be more ambiguous in nature, spread out across corporations, governments, and organizations in whose services we participate or we have happened to cross, if they have not crossed us prior. Our actions in these services are gathered into our profiles. Our collective profiles become our digital identity. Stored across databases, ready for abuse, theft, and influence.

While this risk of identity theft brings fear into our hearts, it is not as dangerous as the influence exercised through our digital identities.  Silent and unnoticeable, our collective digital identities, or better how they are managed have strong implications in our society. Shaping and influencing minds and actions, justified under what suits the narrative of the day - examples of justifications are the protection of free speech, tolerance and other words with an empowering after flavor.

Solution: Self-Sovereign identity - Take back control.

In essence, each individual has to be given the right to an identity as well as ‘ownership’ of their identity.

The basic proofs of concept of Identity Management are easy, however, it quickly becomes challenging when covering all nuances.

What is identity in a digital, decentralised context? An identity consists of a unique identifier, representing an individual, along with a set of attributes associated with the identity, for example:

-A Unique ID
-Your Name
-Your Birthdate
-Social information (family, likes, jobs, yesterday’s lunch)

A unique ID in the digital world is a bunch of 1’s and 0’s unique within a particular domain. This could be your email address, or it could be a seemingly random number like ‘did:earth:423dab4dfe3b5’, enforced through authentication systems such as a readable digital identity card, a password or private key, known only by the identity holder.

Returning Identity back into the control of the individual. Requirements:

1) Individual initiative: Individuals take the initiative to create and register their unique identifier or identification number on a decentralized identity management platform or application.
-If created by someone else, there is no assurance we are starting with a clean slate (because the other party might retain the private key or seed). When registered, the mechanism doing so needs to be fully transparent to assure that it is unique.
2) Local storage: Storage of all the associated attributes of our identity remains under the control of the individual. Stored on our own devices, easily moved at our will. Not to be stored on a public ledger; only anchored via the individual’s identifier.
3) Freedom to choose: The individual has the freedom to choose which attributes are associated with their identity, such as their name, birthdate, social information they wish to include, etc.
4) Permission-based verification: The individual gives permission to an authoritative agency which can vouch for an attribute, such as our birth certificate or a KYC/AML check, separately for each attribute, in the process building a web of trust.
5) Right to privacy:   
-If another individual would like to look at our identity, the individual decides what and how much detail can be viewed, and for how long they can store this information if at all.
-When the individual does share information, it will be uncorrelated with information we share with other parties, or even the same party at a different time, allowing to build up a secret profile.
7) Right to be forgotten: Whenever the individual desires, they should be able to remove a particular attribute, or even everything associated with their unique identifier, and revoke permission for others to store or see it from that point on.
8) Easy and secure: All steps mentioned above need to be easy in operation and managed for the individual in a secure manner allowing for the decentralised identity to be used by both a pre-teen as well as a grandmother.

The paradigm shift which will follow the introduction of Self-Sovereign identities into our society will impact all our lives, bringing forward global empowerment of all people.

Creating a Decentralised Identity solution as described above can be accomplished today with recent technological advances, bringing cost-effectiveness, scalability for mass adoption, and universality within reach. Standardized schemas are being developed for how data is formatted bringing universal adoption through a mechanism called ‘Universal Discovery’. As long as all specific decentralized identity management systems follow the enforceable schemas, they can cooperate between one another.

The universal discovery process connects to the correct provider for the resolution of each identity query. If the individual truly has control of their identity data, they are free to move between solutions of their choosing. From that point onwards, economics and value-adds such as performance, regional value, and premium services, along with demonstrably altruistic intentions, determine the dominant solutions.

The creation and implementation of Decentralised Identity Management will send ripples across the world affecting our business and personal lives, it will as well fundamentally change the way governments operate. The evolution towards decentralized identity management is a required shift from current society. It will be a crucial element for the betterment and empowerment of many lives.  

-If voting can be organized autonomously and in full transparency, why do we trust a centralized entity to determine the outcome?
-If I comply with all the laws of my hosting nation, why can’t I be anonymous?  
-Why do we require a government to validate whether we have the right to exist?

NEXT POLL:
Are we ready for the first operational decentralized identity solution, validated by a borderless sovereign society?
